kubeadm安装k8s-1.32

主机准备

主机名 IP 地址 系统版本   K8S 版本
k8s-master  192.168.3.100  Ubuntu24.04 v1.32
k8s-worker1  192.168.3.101 Ubuntu24.04 v1.32
k8s-worker2  192.168.3.102 Ubuntu24.04 v1.32

系统配置

关闭 swap

# Disable swap on the running system; only if that succeeds, set vm.swappiness to 0.
if swapoff -a; then
  sysctl -w vm.swappiness=0
fi
# Prefix every not-yet-commented /etc/fstab line that mentions swap with '#'.
sed -r -i '/^[^#]*swap/s@^@#@' /etc/fstab

时间同步

# Install the ntpdate client, then do a one-shot clock sync against ntp.aliyun.com.
apt install --yes ntpsec-ntpdate
ntpdate ntp.aliyun.com
# Set the system time zone (independent of the sync above).
timedatectl set-timezone Asia/Shanghai

设置 hosts

# Append one "address name" entry per cluster node to /etc/hosts.
printf '%s\n' \
  '192.168.3.100 k8s-master' \
  '192.168.3.101 k8s-worker1' \
  '192.168.3.102 k8s-worker2' >> /etc/hosts

 允许 iptables 检查桥接流量

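# Ask systemd-modules-load to load br_netfilter at every boot.
cat <<EOF | tee /etc/modules-load.d/k8s.conf
br_netfilter
EOF
# The modules-load.d file is only read at boot. Load the module now as well,
# otherwise the net.bridge.* keys below do not exist yet and `sysctl --system`
# cannot set them.
modprobe br_netfilter
# Pass bridged IPv4/IPv6 traffic to iptables and enable IPv4 forwarding.
cat <<EOF | tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF
# Re-apply every sysctl configuration file, including the one written above.
sysctl --system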

安装 docker-ce

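# Exported so the install script run below can see it (presumably used as the
# package download mirror -- confirm in the script itself).
export DOWNLOAD_URL="https://mirrors.tuna.tsinghua.edu.cn/docker-ce"
# Save the installer to a file instead of piping it straight into a root shell:
# a truncated download can no longer be executed half-way, and the script can be
# read before it runs.
# NOTE(review): this URL tracks the mutable master branch; pin it to a commit
# you have reviewed if the install must be reproducible.
docker_install_script="$(mktemp)"
curl -fsSL -o "$docker_install_script" https://raw.githubusercontent.com/docker/docker-install/master/install.sh \
  && sh "$docker_install_script"
rm -f -- "$docker_install_script"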

确认 Docker 的 cgroup 驱动为 systemd(Ubuntu 默认即为 systemd,无需修改)

root@k8s-worker2:~# docker info  | grep "Cgroup Driver:"
 Cgroup Driver: systemd

配置 Kubernetes软件源

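# The signed-by= path below lives in /etc/apt/keyrings; create it if it is missing.
mkdir -p -m 0755 /etc/apt/keyrings
# Fetch the repository signing key from pkgs.k8s.io, using the same v1.32 path
# as the repository line so the key URL and the repository version do not drift
# apart. apt checks the mirror's signed metadata against this key, so the key
# itself should come from the upstream site rather than from the mirror.
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# Overwrite (not append) so re-running this step does not duplicate the entry.
cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.32/deb/ /
# deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://mirrors.tuna.tsinghua.edu.cn/kubernetes/addons:/cri-o:/stable:/v1.32/deb/ /
EOF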

获取最新软件包 

root@k8s-master:~# apt-get update
Hit:1 https://mirrors.tuna.tsinghua.edu.cn/docker-ce/linux/ubuntu noble InRelease
Get:2 https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.32/deb  InRelease [1,186 B]      
Get:3 https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.32/deb  Packages [8,847 B]       
Hit:4 http://security.ubuntu.com/ubuntu noble-security InRelease                
Hit:5 http://mirrors.tuna.tsinghua.edu.cn/ubuntu noble InRelease
Hit:6 http://mirrors.tuna.tsinghua.edu.cn/ubuntu noble-updates InRelease
Hit:7 http://mirrors.tuna.tsinghua.edu.cn/ubuntu noble-backports InRelease
Fetched 10.0 kB in 1s (7,908 B/s)
Reading package lists... Done
root@k8s-master:~# apt-cache madison kubeadm
   kubeadm | 1.32.5-1.1 | https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.32/deb  Packages
   kubeadm | 1.32.4-1.1 | https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.32/deb  Packages
   kubeadm | 1.32.3-1.1 | https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.32/deb  Packages
   kubeadm | 1.32.2-1.1 | https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.32/deb  Packages
   kubeadm | 1.32.1-1.1 | https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.32/deb  Packages
   kubeadm | 1.32.0-1.1 | https://mirrors.tuna.tsinghua.edu.cn/kubernetes/core:/stable:/v1.32/deb  Packages

安装并查看版本

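# Install the three components at the same pinned package version.
apt-get -y install kubelet=1.32.5-1.1 kubeadm=1.32.5-1.1 kubectl=1.32.5-1.1
# Hold the packages so a routine or unattended apt upgrade cannot move the node
# to a different Kubernetes version behind the cluster's back.
apt-mark hold kubelet kubeadm kubectl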
root@k8s-master:~# kubectl version
Client Version: v1.32.5
Kustomize Version: v5.5.0
The connection to the server localhost:8080 was refused - did you specify the right host or port?
root@k8s-master:~# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"32", GitVersion:"v1.32.5", GitCommit:"9894294ef13a5b32803e3ca2c0d620a088cc84d1", GitTreeState:"clean", BuildDate:"2025-05-15T09:10:46Z", GoVersion:"go1.23.8", Compiler:"gc", Platform:"linux/amd64"}
root@k8s-master:~# kubelet --version
Kubernetes v1.32.5

配置 ipvsadm 模块

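# Userspace tools for inspecting ipset and IPVS state.
apt install -y ipset ipvsadm

# Modules to load at every boot. Kernel module names are case-sensitive, so the
# weighted round-robin scheduler must be spelled ip_vs_wrr, exactly as in the
# modprobe call below.
cat << EOF | tee /etc/modules-load.d/ipvs.conf
ip_vs
ip_vs_rr
ip_vs_wrr
ip_vs_sh
nf_conntrack
EOF

# Helper script that loads the same modules immediately, without a reboot.
cat << EOF | tee ipvs.sh
#!/bin/sh
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack
EOF

sh ipvs.sh

lsmod | grep ip_vs # verify the modules are loaded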

安装 cri-docker

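# One version variable drives both the download URL and the archive name, so the
# file that is unpacked is always the file that was downloaded.
cri_dockerd_version=0.3.17
cri_dockerd_tarball="cri-dockerd-${cri_dockerd_version}.amd64.tgz"
wget "https://github.com/Mirantis/cri-dockerd/releases/download/v${cri_dockerd_version}/${cri_dockerd_tarball}"
# NOTE(review): this binary ends up running as root. Check the archive against
# a checksum obtained from a source you trust before unpacking it, e.g.
#   echo "<SHA256_FROM_TRUSTED_SOURCE>  ${cri_dockerd_tarball}" | sha256sum -c -
tar xf "$cri_dockerd_tarball"
# Install with explicit owner and mode: tar run as root can keep whatever
# owner is recorded inside the archive.
install -o root -g root -m 0755 cri-dockerd/cri-dockerd /usr/local/bin/cri-dockerd
cri-dockerd --version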

配置开机启动 

k8s1.32版本对应的pause是3.10

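# Write the cri-dockerd service unit. The heredoc delimiter is quoted so the
# shell copies the text literally; unquoted, $MAINPID would be expanded (to an
# empty string) while the file is being written and ExecReload would be broken.
cat > /etc/systemd/system/cri-dockerd.service <<-'EOF'
[Unit]
Description=CRI Interface for Docker Application Container Engine
Documentation=https://docs.mirantis.com
After=network-online.target firewalld.service docker.service
Wants=network-online.target
# File name of the systemd socket unit. systemd has no inline comments: text
# after a value is read as part of the value, so notes go on their own line.
Requires=cri-docker.socket

[Service]
Type=notify
# ExecStart must be one logical line; every continued line ends in a backslash.
# --cri-dockerd-root-directory appeared twice (/var/lib/dockershim, then
# /var/lib/docker); only the last occurrence is kept here.
# NOTE(review): confirm /var/lib/docker is the intended state directory.
ExecStart=/usr/local/bin/cri-dockerd \
  --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.10 \
  --network-plugin=cni \
  --cni-conf-dir=/etc/cni/net.d \
  --cni-bin-dir=/opt/cni/bin \
  --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock \
  --docker-endpoint=unix:///var/run/docker.sock \
  --cri-dockerd-root-directory=/var/lib/docker
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
StartLimitBurst=3
StartLimitInterval=60s
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
Delegate=yes
KillMode=process
[Install]
WantedBy=multi-user.target
EOF
# Write the matching socket unit (also literal, for the same reason).
cat > /etc/systemd/system/cri-docker.socket <<-'EOF'
[Unit]
Description=CRI Docker Socket for the API
# File name of the systemd service unit.
# NOTE(review): the service file written above is cri-dockerd.service, but this
# line names cri-docker.service; confirm which unit name is intended.
PartOf=cri-docker.service

[Socket]
ListenStream=/var/run/cri-dockerd.sock
# Socket is reachable by root and by members of the docker group only.
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
EOF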

启动服务设置开机启动

# Make systemd re-read unit files, then enable cri-dockerd at boot and (re)start it.
systemctl daemon-reload
for action in enable restart; do
  systemctl "$action" cri-dockerd.service
done

验证启动信息

root@k8s-master:~#  ls  /var/run | grep docker
cri-dockerd.sock
docker
docker.pid
docker.sock

配置 kubelet(三台都执行)

# Open /etc/default/kubelet in an editor; the line that follows is the content
# to put into that file (it passes --cgroup-driver=systemd via KUBELET_EXTRA_ARGS).
vim /etc/default/kubelet
KUBELET_EXTRA_ARGS="--cgroup-driver=systemd"

初始化集群 

# Arguments for initialising the control plane on k8s-master, one per entry so
# each can carry its own note.
init_args=(
  # Kubernetes version to deploy.
  --kubernetes-version=1.32.5
  # Name under which the control plane is reached.
  --control-plane-endpoint=k8s-master
  # Address of this master node.
  --apiserver-advertise-address=192.168.3.100
  # Pod network range; must not overlap the node or service ranges.
  --pod-network-cidr=10.244.0.0/16
  # Service network range; must not overlap the node or pod ranges.
  --service-cidr=10.96.0.0/12
  # Registry to pull the control-plane images from.
  --image-repository=registry.aliyuncs.com/google_containers
  # Container runtime socket (the cri-dockerd socket).
  --cri-socket=unix:///var/run/cri-dockerd.sock
  # Upload the control-plane certificates to the cluster.
  --upload-certs
  # Log level 9: very detailed output.
  --v=9
)
kubeadm init "${init_args[@]}"
  • kubernetes-version:指定k8s的版本
  • control-plane-endpoint:可以理解为集群master的命名,名称可以自定,但必须能被所有节点解析(本文通过前面配置的 /etc/hosts 解析 k8s-master)
  • apiserver-advertise-address:集群中master的地址!
  • pod-network-cidr:pod网段地址,只要不与集群网段和service网段重复即可
  • service-cidr:service网段地址,只要不与集群网段和pod网段重复即可
  • image-repository:指定使用国内镜像
  • cri-socket:指定使用的容器运行时,如果你使用的containerd容器,那就不用写这个参数
  • v:日志级别,9表示输出的信息会很详细

把 kubeadm init 输出的这条 join 命令保留,worker 节点加入集群时需要使用。其中的 token 属于凭据,不要公开;下面的 token 和哈希是本文环境的输出,请使用你自己 init 输出的值

kubeadm join k8s-master:6443 --token cd44tk.asapxylyw3tbj7zk \
	--discovery-token-ca-cert-hash sha256:7a5dd4bdcedf91c967f7564dcb7029465d0fc4f59fbadfb639abf23c713d62d3

主节点执行

root@k8s-master:~# mkdir -p $HOME/.kube
root@k8s-master:~# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
root@k8s-master:~# sudo chown $(id -u):$(id -g) $HOME/.kube/config

在 worker1 和 worker2 分别执行

# Join this worker to the control plane at k8s-master:6443 through the
# cri-dockerd socket.
# NOTE(review): the token and CA hash are the ones printed by this page's
# `kubeadm init`; substitute the values from your own init output. The bootstrap
# token is a credential -- if it is no longer accepted, running
# `kubeadm token create --print-join-command` on the master prints a new join command.
kubeadm join k8s-master:6443 \
  --cri-socket=unix:///var/run/cri-dockerd.sock \
  --token cd44tk.asapxylyw3tbj7zk \
  --discovery-token-ca-cert-hash sha256:7a5dd4bdcedf91c967f7564dcb7029465d0fc4f59fbadfb639abf23c713d62d3

查询是否加入成功

root@k8s-master:~# kubectl get nodes
NAME          STATUS     ROLES           AGE   VERSION
k8s-master    NotReady   control-plane   17m   v1.32.5
k8s-worker1   NotReady   <none>          6s    v1.32.5
k8s-worker2   NotReady   <none>          11s   v1.32.5

 安装 calico(参照这个):https://www.cnblogs.com/zyyang1993/p/18849419

root@k8s-master:~# kubectl get nodes
NAME          STATUS   ROLES           AGE    VERSION
k8s-master    Ready    control-plane   117m   v1.32.5
k8s-worker1   Ready    <none>          100m   v1.32.5
k8s-worker2   Ready    <none>          101m   v1.32.5

 
